is there a program that can scan a Linux hard disk looking for vulnerable web apps?
February 1, 2005 12:17 PM   Subscribe

LinuxAdminFilter: is there a program that can scan a server hard disk looking for vulnerable web apps? [more inside]

I have a dedicated server with several users and I want to make sure they are not running vulnerable versions of gallery, for example.

You could say that I'm looking for some kind of "antivirus-like" scanner that can look for known files identifying popular webapps that have known vulnerabilities and create a report.

I don't want an external scanner, I don't care about open ports, all I care is about cgi scripts and php pages.
posted by sd to Computers & Internet (6 answers total)
Heh, good luck! Aside from something that makes sure your application server is up to date, there's no scanner for poorly written webapps.
posted by furtive at 12:21 PM on February 1, 2005

I think Nessus will do this, but it's an external scanner.
posted by tomierna at 12:42 PM on February 1, 2005

If Nessus can detect well known vulnerabilities in web apps, I don't think sd's limitation applies--I get the impression he means he just doesn't want a port scanner, which wouldn't be any good for that sort of thing anyways.

Other than that, though, furtive is right, nobody's made one of those yet. Too many web apps, too many versions of each, so little time.

The best way to do that, if Nessus fails, is to search for well known ID strings of known-vulnerable versions of as many apps as you can think of. I guess that's what such a script would do, heh.

Certainly, searching for the vulnerabilities themselves would be nigh-impossible, so the best you can do is to know that verison X of software Y is bad and to look for an install of it.
posted by cyrusdogstar at 12:58 PM on February 1, 2005

As suggested Nessus does have a vulnerability database that should check for known vulnerabilities( ie gallery or phpbb ). I think it also attempts to check common XSS probabilities. cgichk will do some checking of a few known "interesting" cgi scripts, plus a few common httpd bugs. If you know how XSS attacks go down you can get hardcore and audit( by hand ) those webapps you are concerned about using this cheat sheet.
posted by mnology at 1:39 PM on February 1, 2005

RPVS aka Remote PHP Vulnerability Scanner


It's windows specific so I haven't ran it, but I've used similar apps to scan for vulnerabilities in installed web applications. No idea what you meant by an internal scanner - do you mean using find(1) or something, cause the best way to do this is going to be via HTTP.

You might also want to check out mod_security to provide an additional layer of defense against badly written web applications.
posted by jperkins at 2:07 PM on February 1, 2005

You might be better off running apache in a chroot jail. You could scan for known vulnerable apps all day and still not catch the person who writes a Perl CGI script:

print qx( $cgi->param("q") );
posted by Plutor at 4:10 PM on February 1, 2005

« Older Old-Timey Music   |   How do we raise siblings? Newer »
This thread is closed to new comments.